Mobile Malware, Particularly on Android Devices, Grew in 2014

The Lookout Security report shows that mobile malware is on the rise, but it's not all bad news in the mobile security world either.

Andriod security

There is reason for concern about mobile security, but there is also reason for some optimism, a new report from mobile security firm Lookout suggests.

The study analyzed security data from Lookout's base of 60 million users around the world and spotted key trends about mobile security risks, including malware, adware and chargeware.

Lookout defines malware as malicious apps that steal user data, chargeware as an app that charges a user for services or content without proper user notification or authorization, and adware as an app that serves obtrusive ads that collect excessive amounts of info and interfere with the mobile experience.

In the United States last year, Lookout users encountered a 75 percent spike in Android mobile malware. In 2013, Lookout reported a 4 percent mobile malware encounter rate, which grew to 7 percent in 2014.

While malware grew in the United States, the volumes of both chargeware and adware encounters declined. Lookout reported that in 2014, the U.S adware encounter rate was 10 percent, down from 25 percent in 2013. The chargeware encounter rate in the United States was 4 percent in 2014, down from 5 percent in 2013.

"The state of mobile security in the U.S. is concerning, but not hopeless," Jeremy Linden, senior security product manager at Lookout, told eWEEK. "What you have to look at here is the significant change in the type of threat hitting the United States."

Worldwide, industries are doing a great job at mitigating the threats of adware and chargeware, Linden said. As such, mobile adversaries are evolving their threats, making them more sophisticated. In the United States, Lookout saw two particularly concerning threats—ransomware and a variant of NotCompatible, Linden said.

"Ransomware locks a person's devices and uses fear to coerce them into coughing up cash," Linden explained. "NotCompatible is effectively a 'rent-a-botnet.' This lets malicious actors secretly use your phone's network connection to hide their identity and perform potentially illegal tasks."

According to Lookout's study, 4 million U.S Android users encountered ransomware in 2014. Overall though, Linden noted that this past year Lookout saw that industry collaboration can be successful in diminishing the efficacy of threats.

One key trend across Lookout's data is the fact that top mobile threats are all Android-based.

"Think of the malware market on iOS as Android was in 2010," Linden said "It's a developing environment, and there's definitely interest in it as we've seen this past year, but the saturation of threats really exist on Android. "

The Android threats are not just limited to fully patched up-to-date versions of Android either. Unpatched versions of Android definitely open up a wider attack field for bad actors; however, the malware Lookout observed was for the most part Android-version agnostic, Linden said.

Trends that emerged in 2014 are likely to set the stage for a lot of developing trends in the new year, and Lookout expects attackers to continue looking to the United States for mobile malware attacks, Linden said.

"We also believe mainstream iOS attacks will increase," Linden said. "Now that iOS has gained a significant foothold around the world, adversaries will start taking more interest in attacking the platform."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.